Date:      Fri, 14 Nov 2008 12:07:27 -0800
From:      Doug Barton <dougb@FreeBSD.org>
To:        Julian Elischer <julian@elischer.org>
Cc:        FreeBSD Net <freebsd-net@FreeBSD.org>, ipfw@FreeBSD.org, Ian Smith <smithi@nimnet.asn.au>
Subject:   Re: rc.firewall quick change
Message-ID:  <491DDA7F.1040004@FreeBSD.org>
In-Reply-To: <491DC07B.6070304@elischer.org>
References:  <491CD94F.3020207@elischer.org>	<20081114133913.K70117@sola.nimnet.asn.au>	<491D375D.1070809@elischer.org>	<20081114211043.W54700@delplex.bde.org> <491DC07B.6070304@elischer.org>

Julian Elischer wrote:
> I think the table is faster for more than about 8 addresses (so we
> are borderline) but it'd be hard to test..  You however use two rules
> so that would be slower.

I'm not a firewall expert so I won't comment on the specifics but I do
want to say that as a general rule "it works + fast/efficient" is MUCH
more important for default settings than "it works really well" or "it
works + more features." For better or worse we live in a world where
most users don't read the manuals, and that includes the ones running
"benchmarks" with default settings.

OTOH I do think it would be entirely appropriate to include a "better"
example commented out next to the "fast" default. I take a similar
approach with the default named.conf and have had good feedback from
users who appreciate pointers to more information when they actually
do get curious.


hth,

Doug

-- 

    This .signature sanitized for your protection



